2017: the year cybercrime became the new normal. The cybersecurity landscape changed immeasurably after several high-profile attacks caused major disruption around the world.
In the UK, the WannaCrypt0r 2.0 ransomware attack (also known as WannaCry) brought the NHS to a standstill. A&E departments, outpatient centres and GP surgeries were forced to close in a desperate effort to stop the malicious software from spreading.
High-profile cases have the unintended effect of making SMBs believe that cybercrime isn’t something that will affect them. Media reports give the impression that only large organisations and government institutions are targeted by cybercrime.
However, a Government report indicates that 45% of SMBs suffered a cybersecurity attack or breach of some form in the last 12 months. In fact, it wasn’t just the NHS that was hit by the WannaCry attack. It is thought that over 300,000 computers at organisations of all sizes were affected in 145 different countries, proving that these attacks are indiscriminate and opportunistic.
What is a ransomware attack?
Ransomware is a form of malware that locks users out of their computers, while demanding a ransom to regain access. The malware usually enters the system via email: unsuspecting users open emails sent to them by hackers and click on malicious links that release the virus onto their computer, before it spreads to other computers in the network.
When ransomware is installed on the system, it spreads instantaneously, infecting all of an organisation’s unprotected data in a matter of moments. From a single employee’s machine, the virus can spread to every connected device, desktop, laptop, server and storage unit within a network. It then locks out the whole organisation from critical information, before demanding a ransom.
In many cases, the malware demands that the user quickly pays the ransom, either by providing a deadline after which all the data will be deleted or by increasing the price day by day. The criminals usually ask to be paid in Bitcoin, which is the cryptocurrency of choice for hackers, used because it makes the recipient of a payment untraceable.
Such aggressive behaviour can often scare organisations into payment. But this can make matters worse. First, it fuels criminal activity and therefore encourages criminals to carry out further attacks; second, in many cases, paying the ransom does not unlock your data at all.
Ransomware / Ransomware-as-a-Service (RaaS)
Sold widely on the dark web is 25% of ransomware cyberattacks and Ransomware-as-a-Service (RaaS). The dark web is a collection of websites and services that lie hidden from normal search engines like Google and require special software to access. This makes it easy for criminals who don’t have in-depth knowledge of its workings to get their hands on the technology and carry out attacks. If businesses remain unprotected and victims keep paying the ransom in a desperate panic to regain their files, hackers will continue to view ransomware as a viable way to cause disruption and make money.
Major Ransomware attacks in 2017
The WannaCry attack that infected as many as 40 hospitals and 24 NHS Trusts is the most high-profile example of a ransomware attack to hit the UK. In June, a similar attack, called the Petya virus, caused widespread damage globally. This included shutting down the monitoring systems at the Chernobyl nuclear power plant. The Petya attack shows that WannaCry was not just a one-off. We should expect more to come.
What other threats exist?
Ransomware may be making all the headlines, but it isn’t the only threat that exists. Let’s take a quick look at other risks facing organisations.
The maxim that there is always someone in every organisation who will click on anything often proves to be true.
Phishing attacks revolve around an attempt to trick employees and are usually carried out via emails. These appear to be from trusted sources, asking for:
- personal details such as passwords
- credit card numbers
- downloading malicious files.
Log-in pages for Google, PayPal, Yahoo and Apple are often impersonated to lure unsuspecting users into giving away their passwords.
In recent years, phishing has become the most common way that hackers try to install viruses, including the recent ransomware attacks.
Internal threats remain one of the largest causes of data breaches. Ranging from human error to rogue employees, the consequences can be as costly as any other type of cybercrime. An internal threat can take the form of an ex-employee hacking back into the system using their old password and either corrupting and deleting the files themselves or leaking sensitive data to the public or, worse, to other cybercriminals on the black market.
The key to dealing with the risks associated with rogue employees is to adopt strict permissions management and to watch out for typical early warning signs from disgruntled employees. Very often they will make repeated verbal ‘warnings’ to colleagues about the amount they know about the company before taking action.
Distributed Denial of Service (DDoS) attacks also pose a threat to SMBs. A DDoS attack inundates websites with fake visitors to overwhelm servers to the point that they can no longer cope and shut down. These cyberattacks are carried out by hacktivists, and also by government-sponsored hackers and business competitors, who want to cause as much disruption as possible.
One survey of IT leaders found that a third of respondents (34%) encounter DDoS attacks on a weekly basis. The consequences can be severe. Customers can lose trust in your services if they lose access to them at critical times. 45% reported a loss in customer confidence after a DDoS attack.